A Note on Vendor Application Security

No need for tinfoil hats when it comes to application security: we’re all too painfully aware of what can happen. From data breaches to destructive attacks, the potential impacts couldn’t be more clear. Web applications in particular are interesting because of their exposed position — it’s not uncommon for sensitive web applications to be secured […]

OWASP Top 10 2013 – A10 – Unvalidated Redirects and Forwards

> How did I end up here? Whenever a user is sent to some unexpected (and perhaps malicious) third-party site, an Unvalidated Redirection is said to have occurred. It is also known by quite a few other names: unvalidated redirect, open redirection, unvalidated forward, and so on.